Revision as of 07:57, 6 June 2013

Railsgoat is a deliberately vulnerable Ruby on Rails application (not a modified version of the framework itself) that includes vulnerabilities from the OWASP Top 10, as well as some "extras" the initial project contributors felt worthwhile to share. The project is designed to educate developers as well as security professionals. More information can be found at the "Unofficial" project site, listed below.

OWASP Railsgoat Project

This is a Rails application which is vulnerable to the OWASP Top 10. It is intended to show how each of these categories of vulnerabilities can manifest themselves in a Rails-specific way as well as provide the subsequent mitigations for each.

Introduction

Ruby on Rails is an incredibly popular web development framework. Its security concerns range from configuration issues to framework-specific patterns that lead to developer-introduced vulnerabilities. Railsgoat comes pre-packaged with a tutorial section that, for each issue, covers a description of the vulnerability, where the flawed code lives within the application, the solution (both how to attack it and how to prevent or mitigate it), and a hint for those who would like to try to find the vulnerability themselves first.
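To make "a Rails-specific way" concrete, here is an added example (it is not RailsGoat's own code and does not claim to match any of its tutorials) of one of the best-known Rails patterns of this kind: mass assignment, where a controller passes the whole request hash to a model and an attacker adds a field the form never offered. Rails is not assumed to be installed, so a small hand-written User class stands in for an ActiveRecord model, the request hash is constructed, and the whitelist helper `permit` emulates what Rails strong parameters do rather than calling the real API.

```ruby
# Added example: mass assignment in a Rails-style controller action,
# beside the whitelist that prevents it. The User class below is a
# stand-in for an ActiveRecord model (Rails is not required to run this).

# Like User.new(params[:user]) in Rails 3, the stand-in model assigns
# every key of the incoming hash to the attribute of the same name.
class User
  attr_accessor :email, :name, :admin

  def initialize(attrs = {})
    @admin = false                      # default: ordinary user
    attrs.each { |k, v| public_send("#{k}=", v) }
  end
end

# Constructed attacker request: a normal sign-up form submission with an
# extra "admin" field smuggled into the POST body.
ATTACKER_PARAMS = {
  "user" => {
    "email" => "mallory@example.com",
    "name"  => "Mallory",
    "admin" => true
  }
}.freeze

# Vulnerable pattern: the entire user hash reaches the model untouched,
# so the attacker-supplied "admin" key sets the privileged flag.
def create_user_vulnerable(params)
  User.new(params["user"])
end

# Hardened pattern: copy only the keys the form is meant to set and drop
# everything else. This mirrors params.require(:user).permit(:email, :name)
# in a real Rails controller; "permit" here is a hypothetical local helper.
PERMITTED = %w[email name].freeze

def permit(hash, allowed)
  hash.select { |k, _| allowed.include?(k) }
end

def create_user_hardened(params)
  User.new(permit(params["user"], PERMITTED))
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: admin=#{create_user_vulnerable(ATTACKER_PARAMS).admin}"
  puts "hardened:   admin=#{create_user_hardened(ATTACKER_PARAMS).admin}"
end
```

The point to carry over to real Rails code is that the fix lives at the boundary between request and model: the model must never see a key the controller did not explicitly allow, whether that is enforced by strong parameters, by attr_accessible in older Rails, or by an equivalent whitelist.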